Group objects by distinct value while returning list of common values in jq

I have an array of vulnerabilities with duplicate hostnames and vulns. I would like to output an object by hostname and IP to include a list of vulnerabilities associated to that host.

So far I have been able to pull the object below with this query:

jq 'group_by(."Host Name") | map({"HostName": .[0]."Host Name", "IP": .[0]."IP Address", Vuln: map(.NexposeID) | unique})'

What I'm missing is an array of "Vuln" objects to include values like proof, description, and title for each nexposeid.

[
  {
    "HostName": "host1",
    "IP": "10.1.10.20",
    "Vuln": [
      "apache-log4j-core-cve-2021-44228",
      "apache-log4j-core-cve-2021-45046",
      "apache-log4j-core-cve-2021-45105"
    ]
  },
  {
    "HostName": "host2",
    "IP": "10.1.10.10",
    "Vuln": [
      "apache-log4j-core-cve-2021-44228",
      "apache-log4j-core-cve-2021-45046",
      "apache-log4j-core-cve-2021-45105"
    ]
  }
]

Sample JSON

[
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "NexposeID": "apache-log4j-core-cve-2021-45046",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "NexposeID": "apache-log4j-core-cve-2021-45046",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "NexposeID": "apache-log4j-core-cve-2021-45046",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations",
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "NexposeID": "apache-log4j-core-cve-2021-45046",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "NexposeID": "apache-log4j-core-cve-2021-45105",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "NexposeID": "apache-log4j-core-cve-2021-45105",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "NexposeID": "apache-log4j-core-cve-2021-45105",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "NexposeID": "apache-log4j-core-cve-2021-45105",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to 2.12.3",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "NexposeID": "apache-log4j-core-cve-2021-44228",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "NexposeID": "apache-log4j-core-cve-2021-44228",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "NexposeID": "apache-log4j-core-cve-2021-44228",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
  },
  {
    " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution",
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "NexposeID": "apache-log4j-core-cve-2021-44228",
    "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
    "Proof Key": "/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar",
    "Solution Fix": "Download and apply the patch from: https://logging.apache.org/log4j/2.x/download.html (https://logging.apache.org/log4j/2.x/download.html)",
    "Solution Summary": "Upgrade Apache Log4j Core to the latest version",
    "Solution Type": "PATCH",
    "Solution url": "https://logging.apache.org/log4j/2.x/download.html",
    "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later."
  }
]
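
An added example, not part of the original question or its answers: a jq rollup for the export shape above that groups on host name and IP together and keeps every distinct Proof per NexposeID, so the same finding in two file paths on one host is not collapsed into one, and assets with an empty host name are not merged. The sample rows and the output field names Title, Description and Proofs are constructed for illustration; it assumes jq 1.5 or later is installed.

```shell
#!/usr/bin/env bash
# Added example: per-host vulnerability rollup that keeps every distinct proof.

# Constructed sample rows using the export's field names (note the leading
# space in " Vulnerability Title"). host1 reports CVE-2021-44228 three times:
# one exact duplicate and one second jar path. Two assets have no host name.
sample_findings() {
  cat <<'JSON'
[
  {" Vulnerability Title": "Log4j CVE-2021-44228 (constructed)", "Host Name": "host1",
   "IP Address": "10.1.10.20", "NexposeID": "apache-log4j-core-cve-2021-44228",
   "Proof": "log4j-core-2.8.2.jar under /opt/app-a", "Vulnerability Description": "constructed"},
  {" Vulnerability Title": "Log4j CVE-2021-44228 (constructed)", "Host Name": "host1",
   "IP Address": "10.1.10.20", "NexposeID": "apache-log4j-core-cve-2021-44228",
   "Proof": "log4j-core-2.8.2.jar under /opt/app-a", "Vulnerability Description": "constructed"},
  {" Vulnerability Title": "Log4j CVE-2021-44228 (constructed)", "Host Name": "host1",
   "IP Address": "10.1.10.20", "NexposeID": "apache-log4j-core-cve-2021-44228",
   "Proof": "log4j-core-2.8.2.jar under /opt/app-b", "Vulnerability Description": "constructed"},
  {" Vulnerability Title": "Log4j CVE-2021-45105 (constructed)", "Host Name": "host1",
   "IP Address": "10.1.10.20", "NexposeID": "apache-log4j-core-cve-2021-45105",
   "Proof": "log4j-core-2.8.2.jar under /opt/app-a", "Vulnerability Description": "constructed"},
  {" Vulnerability Title": "Log4j CVE-2021-44228 (constructed)", "Host Name": "host2",
   "IP Address": "10.1.10.10", "NexposeID": "apache-log4j-core-cve-2021-44228",
   "Proof": "log4j-core-2.8.2.jar under /opt/app-a", "Vulnerability Description": "constructed"},
  {" Vulnerability Title": "Log4j CVE-2021-44228 (constructed)", "Host Name": "",
   "IP Address": "10.1.10.30", "NexposeID": "apache-log4j-core-cve-2021-44228",
   "Proof": "log4j-core-2.8.2.jar under /opt/app-a", "Vulnerability Description": "constructed"},
  {" Vulnerability Title": "Log4j CVE-2021-44228 (constructed)", "Host Name": "",
   "IP Address": "10.1.10.31", "NexposeID": "apache-log4j-core-cve-2021-44228",
   "Proof": "log4j-core-2.8.2.jar under /opt/app-a", "Vulnerability Description": "constructed"}
]
JSON
}

# Reads the findings array on stdin and writes one object per asset.
rollup_by_host() {
  jq '
    # Key on name AND address so unnamed assets stay separate.
    group_by([."Host Name", ."IP Address"])
    | map({
        "Host Name":  .[0]."Host Name",
        "IP Address": .[0]."IP Address",
        Vuln: (
          # One entry per vulnerability ID on this asset.
          group_by(.NexposeID)
          | map({
              NexposeID:   .[0].NexposeID,
              Title:       .[0]." Vulnerability Title",
              Description: .[0]."Vulnerability Description",
              # Keep every distinct proof instead of only the first row.
              Proofs:      (map(.Proof) | unique)
            })
        )
      })
  '
}

sample_findings | rollup_by_host
```
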


Solution 1:[1]

You can use the same technique with group_by to group by .NexposeID as you did with ."Host Name":

jq '
  group_by(."Host Name") | map(
    (.[0] | {"Host Name", "IP Address"}) + {Vuln: (
      group_by(.NexposeID) | map(
        .[0] | {(.NexposeID): {Proof, "Vulnerability Description", " Vulnerability Title"}}
      )
      | add
    )}
  )
'


You may also employ reduce to avoid adding the fields afterwards:

jq '
  group_by(."Host Name") | map(
    reduce group_by(.NexposeID)[][0] as $g (
      .[0] | {"Host Name", "IP Address"};
      .Vuln[$g.NexposeID] = ($g | {Proof, "Vulnerability Description", " Vulnerability Title"})
    )
  )
'


Output:

[
  {
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "Vuln": {
      "apache-log4j-core-cve-2021-44228": {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
      },
      "apache-log4j-core-cve-2021-45046": {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
      },
      "apache-log4j-core-cve-2021-45105": {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
        "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
      }
    }
  },
  {
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "Vuln": {
      "apache-log4j-core-cve-2021-44228": {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
      },
      "apache-log4j-core-cve-2021-45046": {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
      },
      "apache-log4j-core-cve-2021-45105": {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
        "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
      }
    }
  }
]

Edit: If you prefer the .Vuln field to be an array of objects, here's a solution using unique_by:

jq '
  group_by(."Host Name") | map(
    (.[0] | {"Host Name", "IP Address"}) +
    {Vuln: unique_by(.NexposeID) | map(
      {Proof, "Vulnerability Description", " Vulnerability Title"}
    )}
  )
'
[
  {
    "Host Name": "host1",
    "IP Address": "10.1.10.20",
    "Vuln": [
      {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
      },
      {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
      },
      {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
        "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
      }
    ]
  },
  {
    "Host Name": "host2",
    "IP Address": "10.1.10.10",
    "Vuln": [
      {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. This check requires the Security Console and Scan Engines to be on product version 6.6.118 or later.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution"
      },
      {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)No mitigation applied. JndiLookup class discovered.",
        "Vulnerability Description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments; remote code execution has been demonstrated on macOS but no other tested environments.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations"
      },
      {
        "Proof": "Vulnerable software installed: Apache Log4j Core 2.8.2 (/opt/IBM/WebSphere/AppServer/properties/patches/backup/9.0.5.3-WS-WASProd-IFPH42762/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.8.2.jar)",
        "Vulnerability Description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.",
        " Vulnerability Title": "Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
      }
    ]
  }
]
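An added example, not part of the original answer: a variant of the unique_by filter that groups on host name and IP together, keeps NexposeID in each Vuln entry, and collects every distinct Proof per finding instead of only the first one seen. The sample rows, the second host1 address, and the output field names Title, Description and Proofs are assumptions made for this illustration; it needs jq on the PATH.

```shell
#!/bin/sh
# Constructed sample rows shaped like the scanner export discussed on this page.
# Proof strings, titles and the second host1 address are invented for illustration.
sample_report() {
cat <<'JSON'
[
 {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-44228"," Vulnerability Title":"constructed title A","Vulnerability Description":"constructed","Proof":"constructed: /app/a/log4j-core.jar"},
 {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-44228"," Vulnerability Title":"constructed title A","Vulnerability Description":"constructed","Proof":"constructed: /app/b/log4j-core.jar"},
 {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-44228"," Vulnerability Title":"constructed title A","Vulnerability Description":"constructed","Proof":"constructed: /app/a/log4j-core.jar"},
 {"Host Name":"host1","IP Address":"10.1.10.20","NexposeID":"apache-log4j-core-cve-2021-45046"," Vulnerability Title":"constructed title B","Vulnerability Description":"constructed","Proof":"constructed: /app/a/log4j-core.jar"},
 {"Host Name":"host1","IP Address":"10.1.10.21","NexposeID":"apache-log4j-core-cve-2021-44228"," Vulnerability Title":"constructed title A","Vulnerability Description":"constructed","Proof":"constructed: /app/c/log4j-core.jar"},
 {"Host Name":"host2","IP Address":"10.1.10.10","NexposeID":"apache-log4j-core-cve-2021-45105"," Vulnerability Title":"constructed title C","Vulnerability Description":"constructed","Proof":"constructed: /app/d/log4j-core.jar"}
]
JSON
}

# Reads the flat export on stdin and writes one object per host/IP pair.
group_vulns() {
  jq '
    # Group on the pair so a host name reported with two addresses
    # yields two entries instead of silently keeping the first IP.
    group_by([."Host Name", ."IP Address"]) | map({
      "Host Name": .[0]."Host Name",
      "IP Address": .[0]."IP Address",
      # One entry per NexposeID; duplicates collapse, distinct proofs survive.
      Vuln: (group_by(.NexposeID) | map({
        NexposeID: .[0].NexposeID,
        # The export key carries a leading space; emit a clean name.
        Title: .[0][" Vulnerability Title"],
        Description: .[0]."Vulnerability Description",
        Proofs: (map(.Proof) | unique)
      }))
    })
  '
}

# Run against the constructed sample when jq is available.
if command -v jq >/dev/null 2>&1; then
  sample_report | group_vulns
fi
```

To process a real export, pipe the file in: `group_vulns < report.json` (the file name is a placeholder).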


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
